Nov 13 07

How to write a Database Class in PHP5

by Dave

http://stephensaine.com/?p=6

Nov 13 07

Building a user authentication system in PHP

by Dave

Article linked here

Nov 2 07

Preventing SQL Injection Attacks

by Dave

<?php

if (isset($_POST['product_name']) && isset($_POST['product_description']) && isset($_POST['user_id'])) {
    // Connect
    $link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password');

    if (!is_resource($link)) {
        echo "Failed to connect to the server\n";
        // ... log the error properly
    } else {
        // Reverse magic_quotes_gpc/magic_quotes_sybase effects on those vars if ON.
        if (get_magic_quotes_gpc()) {
            $product_name        = stripslashes($_POST['product_name']);
            $product_description = stripslashes($_POST['product_description']);
        } else {
            $product_name        = $_POST['product_name'];
            $product_description = $_POST['product_description'];
        }

        // Make a safe query
        $query = sprintf("INSERT INTO products (`name`, `description`, `user_id`) VALUES ('%s', '%s', %d)",
            mysql_real_escape_string($product_name, $link),
            mysql_real_escape_string($product_description, $link),
            $_POST['user_id']);

        mysql_query($query, $link);

        if (mysql_affected_rows($link) > 0) {
            echo "Product inserted\n";
        }
    }
} else {
    echo "Fill the form properly\n";
}
?>
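
The same products INSERT written with PDO bound parameters instead of string escaping, as an added example that is not part of the original post. It assumes the pdo_sqlite extension and uses an in-memory SQLite table in place of the MySQL server; insert_product() is a hypothetical helper name.

```php
<?php
// Added example, not from the original post. Assumptions: pdo_sqlite is
// available and an in-memory SQLite table stands in for the MySQL server.
function insert_product(PDO $db, array $post)
{
    // Require all three fields as strings, like the original isset() check.
    foreach (array('product_name', 'product_description', 'user_id') as $key) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            return false;
        }
    }

    // user_id must be a positive integer; reject it rather than cast it.
    $user_id = filter_var($post['user_id'], FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1)));
    if ($user_id === false) {
        return false;
    }

    // Placeholders keep the SQL text fixed; the values are sent as data.
    $stmt = $db->prepare(
        'INSERT INTO products (name, description, user_id)
         VALUES (:name, :description, :user_id)'
    );
    $stmt->bindValue(':name', $post['product_name'], PDO::PARAM_STR);
    $stmt->bindValue(':description', $post['product_description'], PDO::PARAM_STR);
    $stmt->bindValue(':user_id', $user_id, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->rowCount() === 1;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (name TEXT, description TEXT, user_id INTEGER)');

// Constructed sample input: the name contains quotes and SQL punctuation.
$sample = array(
    'product_name'        => "Dave's \"best\" widget'); --",
    'product_description' => 'Constructed test row',
    'user_id'             => '42',
);

// A well-formed submission, then the same one with a non-numeric user_id.
var_dump(insert_product($db, $sample));
var_dump(insert_product($db, array('user_id' => '42 OR 1=1') + $sample));

// The stored name is read back exactly as it was submitted.
var_dump($db->query('SELECT name FROM products')->fetchColumn() === $sample['product_name']);
```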

Nov 2 07

Sessions

by Dave

I did not know this, but sessions are destroyed when the user closes their BROWSER, not when they close your website.

Nov 2 07

How to use cookies -

by Dave

Store a cookie on the user's PC with their name; when they leave the site and come back, it should welcome them and ask them to log back in.

<?php

if (isset($_POST['name']) || isset($_POST['pass'])) {
    // form submitted
    // check for required values
    if (empty($_POST['name'])) {
        die("ERROR: Please enter username!");
    }
    if (empty($_POST['pass'])) {
        die("ERROR: Please enter password!");
    }

    // set server access variables
    $host = "localhost";
    $user = "test";
    $pass = "test";
    $db = "db2";

    // open connection
    $connection = mysql_connect($host, $user, $pass) or die("Unable to connect!");

    // select database
    mysql_select_db($db, $connection) or die("Unable to select database!");

    // undo magic_quotes_gpc if it is on, so the values are escaped exactly once below
    $name     = get_magic_quotes_gpc() ? stripslashes($_POST['name']) : $_POST['name'];
    $password = get_magic_quotes_gpc() ? stripslashes($_POST['pass']) : $_POST['pass'];

    // create query from escaped values, never from raw $_POST
    $query = sprintf("SELECT * FROM users WHERE name = '%s' AND pass = SHA1('%s')",
        mysql_real_escape_string($name, $connection),
        mysql_real_escape_string($password, $connection));

    // execute query (the query text is not echoed back to the visitor)
    $result = mysql_query($query, $connection) or die("Error in query: " . mysql_error($connection));

    // see if any rows were returned
    if (mysql_num_rows($result) == 1) {
        // if a row was returned
        // authentication was successful
        // create session and set cookie with username
        session_start();
        $_SESSION['auth'] = 1;
        setcookie("username", $name, time() + (86400 * 30)); // 86400 seconds per day, 30 days
        echo "Access granted!";
    } else {
        // no result
        // authentication failed
        echo "ERROR: Incorrect username or password!";
    }

    // free result set memory
    mysql_free_result($result);

    // close connection
    mysql_close($connection);
} else {
    // no submission
    // display login form; cookie and PHP_SELF values are HTML-escaped before output
?>
<html>
<head></head>
<body>
<center>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>">
Username <input type="text" name="name" value="<?php echo isset($_COOKIE['username']) ? htmlspecialchars($_COOKIE['username'], ENT_QUOTES) : ''; ?>">
<p />
Password <input type="password" name="pass">
<p />
<input type="submit" name="submit" value="Log In">
</form>
</center>
</body>
</html>
<?php
}

?>

Nov 2 07

Great article on learning OOP

by Dave

http://devzone.zend.com/article/638-PHP-101-part-7-The-Bear-Necessities

Read the rest of their articles if you’re interested in learning PHP in general. They are fantastic.

Nov 2 07

53 CSS Techniques You Couldn’t Live Without

by Dave

http://www.smashingmagazine.com/2007/01/19/53-css-techniques-you-couldnt-live-without/

Nov 2 07

80+ AJAX-Solutions For Professional Coding

by Dave

http://www.smashingmagazine.com/2007/06/20/ajax-javascript-solutions-for-professional-coding/

Oct 2 07

Caring for Your Introvert

by Dave

Here’s an interesting article from atlantic.com by Jonathan Rauch.

Do you know someone who sounds like this first paragraph? Maybe intimately?? :) Take a moment then, and have a read.

Do you know someone who needs hours alone every day? Who loves quiet conversations about feelings or ideas, and can give a dynamite presentation to a big audience, but seems awkward in groups and maladroit at small talk? Who has to be dragged to parties and then needs the rest of the day to recuperate? Who growls or scowls or grunts or winces when accosted with pleasantries by people who are just trying to be nice?


Oct 2 07

7 ways to move beyond procrastination

by Dave

Almost everyone is held down by what some call “the silent killer”. Procrastination strikes everywhere. We all want to avoid the pain or discomfort of doing something we feel is boring, stupid, pointless, hard, complicated, risky, possibly really emotionally painful and so on.

But even though we know that we will have to do it eventually and that we’re just deluding ourselves, we still put it off. Often with reasons we know deep down are weak and we really just made up. We get stuck in a vicious circle of doing too little of both what we want and what we don’t want. We get stuck. Here are 7 ways to squash procrastination and move forward.
